*Letters

D.C. Data Privacy Protection Bill

Published on:
November 8, 2019
Issue:

Summary

SIFMA provided feedback on B23-215, the D.C. Data Privacy Protection Bill which would generally modernize the District’s data breach law while keeping the law in line with similar requirements across the country. SIFMA generally supports such efforts and commends Attorney General Racine and the Council on their efforts in this space. 

Excerpt

The Honorable Phil Mendelson

Chair, Council of the District of Columbia

Chair, Committee of the Whole

Wilson Building, Room 412

1350 Pennsylvania Avenue, N.W.

Washington, DC 20004

RE: DC B23-215, A Bill Regarding Data Privacy Protection

Dear Chair Mendelson:

The Securities Industry and Financial Markets Association1 is a national trade association which brings together the shared interests of over 340 broker-dealers, banks and asset managers, many of whom have a strong presence in the District of Columbia. We thank you for the opportunity to provide feedback on B23-215, which would generally modernize the District’s data breach law while keeping the law in line with similar requirements across the country.

SIFMA generally supports such efforts and commends Attorney General Racine and the Council on their efforts in this space. Below we have included several suggestions for your review that would both strengthen consumer protections and increase the proposed framework’s efficiency:

The Need to Expand the Gramm-Leach-Bliley Act Compliance Provision

The current law states that entities subject to Title V of the GLBA, and who provide notice of a breach in accordance with that Act, are deemed to be compliant with the District’s law. As currently drafted, B23-215 would add two new provisions to the existing law, both of which would be outside of the GLBA deemed-compliance provision: notification to the District Attorney General, and an additional security requirement. We urge you to consider expanding the GLBA deemed-compliance provision to include both provisions, or at least modifying the notification provision, for the reasons discussed below.

Continue Reading

Details

Download

More Content

  • Letters
    May 04, 2026

    Data Supporting the Modernization of the Communications Retention Requirements

    SIFMA and SIFMA AMG provided data to supplement their October 15, 2025 letter regarding the SEC's communications recordkeeping requirements.
  • Letters
    May 04, 2026

    Supplemental Request for Immediate Extension of Tick Size and Access Fee Compliance Dates

  • Letters
    May 01, 2026

    Modernizing FINRA Arbitration Rules, Guidance and Processes

Get the latest trends, stats, and research on financial markets and securities.